Announcement

Collapse
No announcement yet.

Where do I apply my outbound ACL on this router? VLAN1 maybe?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Where do I apply my outbound ACL on this router? VLAN1 maybe?

    I need to apply an outbound ACL to this cisco 1800 series router. I think I apply it to vlan1, but I'm not sure. Here are the interfaces:

    Code:
    FastEthernet0              unassigned      YES TFTP   up                    up      
    FastEthernet1              100.100.100.100  YES NVRAM  up                    up      
    BRI0                       unassigned      YES TFTP   administratively down down    
    BRI0:1                     unassigned      YES unset  administratively down down    
    BRI0:2                     unassigned      YES unset  administratively down down    
    FastEthernet2              unassigned      YES unset  up                    up      
    FastEthernet3              unassigned      YES unset  up                    down    
    FastEthernet4              unassigned      YES unset  up                    down    
    FastEthernet5              unassigned      YES unset  up                    down    
    FastEthernet6              unassigned      YES unset  up                    up      
    FastEthernet7              unassigned      YES unset  up                    down    
    FastEthernet8              unassigned      YES unset  up                    down    
    FastEthernet9              unassigned      YES unset  up                    up      
    Vlan1                      192.168.1.2     YES NVRAM  up                    up      
    Tunnel0                    unassigned      YES TFTP   up                    down    
    Tunnel6                    192.168.28.1    YES NVRAM  up                    up      
    Tunnel5                    192.168.27.1    YES NVRAM  up                    up      
    Tunnel4                    192.168.25.1    YES NVRAM  up                    up      
    Tunnel3                    192.168.24.1    YES NVRAM  up                    up      
    Tunnel2                    192.168.23.1    YES NVRAM  up                    up      
    Tunnel1                    192.168.22.1    YES NVRAM  up                    up      
    NVI0                       100.100.100.100  YES unset  up                    up      
    Dialer0                    200.200.200.200   YES NVRAM  up                    up      
    Virtual-Access1            unassigned      YES unset  up                    up      
    Virtual-Access2            unassigned      YES unset  up                    up
    There is already an inbound ACL on Dialer0 (which is our main dsl internet connection):
    Code:
    interface Dialer0
    ip access-group Out2In in
    ip nat outside
    ...
    
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
     ip address 192.168.1.2 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
     ip route-cache same-interface
    Would I run this command on vlan1 to apply an outbound ACL?
    ip access-group inside_out in

    Thanks for any help!

  • #2
    Re: Where do I apply my outbound ACL on this router? VLAN1 maybe?

    Where do you want the filtering to occur? When applying an ACL to an SVI like VLAN 1 the "in" referes to traffic coming from that VLAN going out. "out" refers to traffic coming from another network to VLAN 1. Its a bit odd as technically the VLAN1 interface is a virtual interface.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Where do I apply my outbound ACL on this router? VLAN1 maybe?

      I want the filtering to occur on the LAN (192.168.1.0/24). Everything from the LAN going to the internet needs to be filtered.

      Comment


      • #4
        Re: Where do I apply my outbound ACL on this router? VLAN1 maybe?

        Then I would put the ACL inbound on the VLAN 1 interface.



        int Vlan 1
        ip access-group "Your ACL" in
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment

        Working...
        X